From d7d93b511b8a99159a080782220e91b24549db91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Mon, 12 Jun 2023 18:03:27 +0200
Subject: Update puppetboard to new certbot.
---
 manifests/puppetboard.pp | 26 ++++++++++++++++++--------
 1 file changed, 18 insertions(+), 8 deletions(-)
diff --git a/manifests/puppetboard.pp b/manifests/puppetboard.pp
index 6a351a3..a33c02b 100644
--- a/manifests/puppetboard.pp
+++ b/manifests/puppetboard.pp
@@ -5,11 +5,16 @@
 # would be nice, but class['Apache'] doesn't have that parameter,
 # making this a moot point
 #
+# TODO apt install python3-venv
+#
+# @param server_name
+# Published name of the server
 # @param puppetdb_host
 # Host to connect for puppetdb
 # @param puppetdb_port
 # Port to connect for puppetdb
 class profiles::puppetboard (
+ String $server_name,
 String $puppetdb_host,
 Stdlib::Port $puppetdb_port,
 ) {
@@ -22,6 +27,9 @@ class profiles::puppetboard (
 # Configure puppetboard
+ include ::letsencrypt
+ # include ::profiles::certificate
+
 class { 'puppetboard':
 manage_git => true,
 manage_virtualenv => true,
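Review bot: The new `$server_name` parameter in the first hunk is typed as plain `String`, so an empty or malformed value passes validation and then flows into the certificate request and the `letsencrypt_directory` fact lookup in the last hunk of this patch. The class already uses `Stdlib::Port`, so a stricter stdlib type such as `Stdlib::Fqdn $server_name,` would reject bad names at catalog compilation. The parameter also has no default, so every node that already includes this profile needs a value supplied before the change is rolled out. The class body continues outside this hunk.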
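Review bot: The commented-out `# include ::profiles::certificate` added under `include ::letsencrypt` in the second hunk is dead code with no explanation next to it. Either drop the line or replace it with a comment that states the reason, for example `# profiles::certificate is deliberately not included; this profile requests its own certificate`. The class body starts and ends outside this hunk.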
@@ -38,21 +46,23 @@ class profiles::puppetboard (
 Class['puppetdb'] -> Class['puppetboard']
 }
- class { '::profiles::letsencrypt':
- provider => apache,
+ # Don't use "global" certificate, since that probably probably
+ # requies nginx
+ letsencrypt::cert { $server_name:
+ domains => [ $server_name ],
+ authenticator => 'apache',
+ config => {
+ 'post-hook' => 'apache2ctl restart',
+ }
 }
 # Only set up TLS if we are ready. This allows us to bootstrap
 # ourselves the next run.
- $certname = lookup('certname')
- if $certname and $facts['letsencrypt_directory'][$certname] {
+ if $facts['letsencrypt_directory'][$server_name] {
 class { 'puppetboard::apache::vhost':
 vhost_name => $::fqdn,
 port => 443,
- ssl => true,
- ssl_cert => "/etc/letsencrypt/live/${certname}/cert.pem",
- ssl_key => "/etc/letsencrypt/live/${certname}/privkey.pem",
- ssl_chain => "/etc/letsencrypt/live/${certname}/fullchain.pem",
+ * => letsencrypt::conf::apache($server_name),
 }
 apache::vhost { 'http-redirect':
-- 
cgit v1.2.3
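Review bot: The certificate is now requested for `$server_name`, but the TLS vhost in the same hunk still sets `vhost_name => $::fqdn`. If the published name differs from the node's FQDN, the vhost (whose `vhost_name` is presumably used as the ServerName) will serve a certificate that does not cover its own name, and clients will see a name mismatch. Suggest `vhost_name => $server_name,`, or adding `$::fqdn` to `domains` if both names must work. The added comment also has typos (`probably probably`, `requies`); suggest `# Don't use the "global" certificate, since that probably requires nginx`. The `if` block and the `apache::vhost { 'http-redirect':` resource continue outside the hunk.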